How to use an external SQL database with Keycloak?
I have a SQL database that contains my clients from my application.
If you have a pre-existing database with your own custom table structure for identity and access (most likely, you rolled your own user and role tables and probably some other tables as well), you can implement Keycloak's "User Storage SPI" in order to connect your database to Keycloak.
To do this, see the docs.
Related
Wanted to confirm if it is not possible to create a schema from a share.
I see from the documentation that once a share (from a schema, not the entire database) is created/enabled by the provider account, I/the consumer account can only leverage the share by creating a new database.
I/Consumer already have a Snowflake database & would like to just point the schema from the provider that is enabled as share to a new schema on my side in the existing database. This avoids the need to maintain multiple databases.
Br,
Noor.
It is not possible.
On the consumer side, the following command is used to consume a share:
CREATE DATABASE <name> FROM SHARE <provider_account>.<share_name>;
Hence, consumption can only be done at the database level. This effectively creates a read-only database (unlike regular/local databases); all of its objects are controlled by the provider.
Additionally, IMPORTED PRIVILEGES is used to grant roles on the consumer side access to the shared database. This privilege cannot be granted on a schema.
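The consumer-side steps from this answer, as an added example that is not part of the original answer. It goes one step further and exposes a shared table through a view in an existing local database, so most roles never need IMPORTED PRIVILEGES. All object, role and account names are constructed, and the shared table `public.orders` is an assumption about what the provider exposes.

```sql
-- Constructed names: provider_acct, sales_share, shared_sales,
-- analytics_db, partner_data, data_engineer, analyst_role.
USE ROLE ACCOUNTADMIN;

-- 1. Mount the share. It always becomes its own read-only database.
CREATE DATABASE shared_sales FROM SHARE provider_acct.sales_share;

-- 2. Review what the provider exposed before granting anything.
SHOW SCHEMAS IN DATABASE shared_sales;
SHOW TABLES IN DATABASE shared_sales;

-- 3. IMPORTED PRIVILEGES covers the whole shared database; there is no
--    schema-level form. Grant it only to a role trusted with everything
--    in the share.
GRANT IMPORTED PRIVILEGES ON DATABASE shared_sales TO ROLE data_engineer;

-- 4. For everyone else, publish selected objects as views inside the
--    existing database. The view runs with its owner's privileges, so
--    analyst_role needs no grant on shared_sales itself.
CREATE SCHEMA IF NOT EXISTS analytics_db.partner_data;

CREATE VIEW analytics_db.partner_data.orders AS
    SELECT * FROM shared_sales.public.orders;  -- assumed shared table

GRANT USAGE  ON DATABASE analytics_db              TO ROLE analyst_role;
GRANT USAGE  ON SCHEMA   analytics_db.partner_data TO ROLE analyst_role;
GRANT SELECT ON VIEW     analytics_db.partner_data.orders TO ROLE analyst_role;

-- 5. Confirm the narrow role holds nothing on the shared database.
SHOW GRANTS TO ROLE analyst_role;
```

The shared database still exists as a separate object; the views only give users a single place to query and keep the broad grant off ordinary roles.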
I am trying to share my Snowflake Database (default metadata) --> Account_Usage schema --> Query_History table to another managed account (i.e. reader account) but the data is not visible in another account.
Is there any way to share the Snowflake database without duplicating the data?
I am getting an error as Already Imported Database (i.e. Snowflake cannot be shared for the Datashare option).
For a managed account for usage, the Snowflake database and schemas are available, but I am not able to see the data which is available.
According to the documentation you can't re-share any database that is shared with you:
Shared databases and all the objects in the database cannot be forwarded (i.e. re-shared with other accounts).
Since the Snowflake database is one that is shared to you from Snowflake, this is probably why you're having issues.
If you need to do this your best bet is to create a table and populate it with the data you need from the Snowflake database and share that table instead. Although it is strange that you'd want to share this info with another account.
Your other option would be to create a database/schema in your account with views over the account usage data that you want to share, create a role that can access only that, and then provide a user login with that role only to the group needing to do analytics on your data.
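Both options from this answer, as an added example that is not part of the original answer. All database, schema, role, user, warehouse and account names are constructed; the column list is a deliberately reduced subset of `QUERY_HISTORY` that leaves out the query text, which can contain sensitive literals.

```sql
-- Constructed names throughout. Assumes a warehouse is active in the session.
USE ROLE ACCOUNTADMIN;
CREATE DATABASE usage_export;
CREATE SCHEMA usage_export.reporting;

-- Option 1: copy the rows you need into your own table, then share that.
CREATE TABLE usage_export.reporting.query_history_copy AS
    SELECT query_id, user_name, warehouse_name, start_time, total_elapsed_time
    FROM snowflake.account_usage.query_history
    WHERE start_time >= DATEADD(day, -30, CURRENT_TIMESTAMP());

CREATE SHARE usage_share;
GRANT USAGE  ON DATABASE usage_export           TO SHARE usage_share;
GRANT USAGE  ON SCHEMA   usage_export.reporting TO SHARE usage_share;
GRANT SELECT ON TABLE    usage_export.reporting.query_history_copy
    TO SHARE usage_share;
ALTER SHARE usage_share ADD ACCOUNTS = reader_acct;  -- placeholder account

-- Option 2: no share at all. A view over the account usage data plus a
-- role that can read only that view, handed to a local user.
CREATE VIEW usage_export.reporting.query_history_v AS
    SELECT query_id, user_name, warehouse_name, start_time, total_elapsed_time
    FROM snowflake.account_usage.query_history;

CREATE ROLE usage_analyst;
GRANT USAGE  ON DATABASE  usage_export           TO ROLE usage_analyst;
GRANT USAGE  ON SCHEMA    usage_export.reporting TO ROLE usage_analyst;
GRANT SELECT ON VIEW      usage_export.reporting.query_history_v
    TO ROLE usage_analyst;
GRANT USAGE  ON WAREHOUSE reporting_wh           TO ROLE usage_analyst;
GRANT ROLE usage_analyst TO USER analytics_user;

-- Review exactly what each grantee can reach.
SHOW GRANTS TO SHARE usage_share;
SHOW GRANTS TO ROLE usage_analyst;
```

The copied table in option 1 is a snapshot and has to be refreshed on a schedule; the view in option 2 always reflects current data but only serves users inside the same account.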
I need to restore the database from a different environment where different logins are used but I want to keep permission to this database for already existing login on this server.
Now, after restoring, my login on the targeted server lost its mapping for this database (and owner role).
I want to restore everything inside the database and at the same time I don't want to map the database and add the owner role to the login.
Is it even possible?
I've tried different ways of restore - deleting before restore, as well as delete but not to close existing connections. The result is the same, I need to map new restored DB again and add the owner role.
Normally database users have to be mapped to instance logins to work, but if you want to make your DB more instance independent and control your database from the inside of it, then the solution for you would be a contained database.
From MS BOL:
A contained database is a database that is isolated from other databases and from the instance of SQL Server that hosts the database. SQL Server 2017 helps user to isolate their database from the instance in 4 ways.
Much of the metadata that describes a database is maintained in the database. (In addition to, or instead of, maintaining metadata in the master database.)
All metadata are defined using the same collation.
User authentication can be performed by the database, reducing the databases dependency on the logins of the instance of SQL Server.
The SQL Server environment (DMV's, XEvents, etc.) reports and can act upon containment information.
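Switching a database to partial containment so that its owner survives a restore onto another instance, as an added example that is not part of the original answer. The database name `AppDb`, the user names and the password placeholder are constructed.

```sql
-- Constructed names: AppDb, app_owner, legacy_user.
-- Run step 1 on BOTH the source and the target instance; a contained
-- database cannot authenticate users where the option is off.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. Make the database partially contained.
ALTER DATABASE [AppDb] SET CONTAINMENT = PARTIAL;
GO

USE [AppDb];
GO

-- 3. A user that authenticates inside the database, with no instance
--    login. It travels with every backup of AppDb.
CREATE USER [app_owner] WITH PASSWORD = N'<placeholder-strong-password>';
ALTER ROLE db_owner ADD MEMBER [app_owner];
GO

-- 4. Optionally convert an existing login-mapped user in place.
EXEC sp_migrate_user_to_contained
     @username     = N'legacy_user',
     @rename       = N'keep_name',
     @disablelogin = N'do_not_disable_login';
GO

-- 5. Verify: containment state and which principals authenticate in-database.
SELECT name, containment_desc
FROM sys.databases
WHERE name = N'AppDb';

SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE authentication_type_desc = N'DATABASE';
```

Clients must name the database in the connection string (Initial Catalog), because the credentials are checked there and not against `master`. Anyone in `db_owner` of a contained database can create further password users without touching instance logins, so include these databases in account reviews.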
I am building a multi tenant application with NodeJS and MSSQL on the backend which will have one instance running. I think about using schema based multi tenancy architecture, meaning single database with separate schema for each tenant `[Tenant1].[DataTable1], [Tenant2].[DataTable1]`.
My question is what is the better way to implement this to handle correct "routing" of SQL queries from different tenants?
I came up with four solutions:
1. Use Connection Pools - each tenant user will have a separate SQL connection with a different database user (who has default schema and access to it only).
2. Use single SQL connection but add EXECUTE AS USER = 'Tenant1' .. REVOKE to each query (database user has default schema and access to it only).
Or have shared database with single schema:
3. Row-Level Security, but it seems that it could have a performance impact.
4. Add Tenant_table and insert tenant_id into each row.
I am transitioning a project from Advantage Database Server to MS SQL server. In Advantage, you can password protect an individual table, which is also encrypted. As such, you cannot open, view, update, etc. the table without the password. I place my project's registration information in this table, so I don't want any user to be able to look at its contents.
I cannot find a similar function in SQL Server. Encrypting the data is insufficient. So my question is: is there a way to password protect a table in SQL Server?
In SQL Server you can link various access roles to the users. These roles can be applied to tables, views, stored procedures etc. The best thing to do is to create views on the database, and let the users access specific views, rather than giving permissions on all DB objects.
Alternatively, you can deny permissions on a specific table to a user or a role.
Here are two articles on MSDN that will get you started:
GRANT Object Permissions
DENY Object Permissions
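The view-plus-DENY arrangement this answer describes, as an added example that is not part of the original answer. The table, view, role and test user are constructed; the check at the end impersonates a role member to confirm the effective permissions.

```sql
-- Constructed objects: dbo.Registration, dbo.vRegistrationStatus,
-- role app_users, test user perm_check.
CREATE TABLE dbo.Registration (
    ProductId    int           NOT NULL PRIMARY KEY,
    LicenseKey   nvarchar(200) NOT NULL,  -- the column users must never see
    IsRegistered bit           NOT NULL
);
GO

-- The view exposes only what the application needs.
CREATE VIEW dbo.vRegistrationStatus AS
    SELECT ProductId, IsRegistered
    FROM dbo.Registration;
GO

CREATE ROLE app_users;

-- Explicit DENY on the base table, SELECT only on the view. Both objects
-- share an owner, so ownership chaining lets the view read the table
-- even though direct access to the table is denied.
DENY  SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Registration TO app_users;
GRANT SELECT ON OBJECT::dbo.vRegistrationStatus TO app_users;
GO

-- Verify as a member of the role.
CREATE USER perm_check WITHOUT LOGIN;
ALTER ROLE app_users ADD MEMBER perm_check;

EXECUTE AS USER = 'perm_check';
SELECT
    HAS_PERMS_BY_NAME('dbo.Registration', 'OBJECT', 'SELECT')        AS can_read_table,
    HAS_PERMS_BY_NAME('dbo.vRegistrationStatus', 'OBJECT', 'SELECT') AS can_read_view;
REVERT;

DROP USER perm_check;
```

DENY does not bind members of `sysadmin` or the owner of the object, so this keeps ordinary application users out of the table but not an administrator of the instance.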